[VIM] The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit

Stuart Moore smoore at securityglobal.net
Tue Oct 10 23:49:53 EDT 2006


Sorry, I didn't see that str0ke posted this same info to bugtraq already.

Stuart



Stuart Moore wrote:
> At least in "index.php" there is this (preventing user specification of 
> isearch_path):
> 
>  > $isearch_path = dirname(__FILE__);
> 
> Didn't check the others.
> 
> Stuart
> 
> 
> 
> 
> 
>  > From:     xp1o at msn.com
>  > Subject:     The latest version of iSearch is V2.16 <= (index.php)
>  >               Remote File Inclusion Exploit
>  > Date:     7 Oct 2006 22:14:00 -0000
> 
> 


More information about the VIM mailing list